MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing checks for `address(0)` in the `ContestManager.sol` when assigning values to address state variables

mishraji874

Description: In Solidity, address(0) is often used to represent a null or uninitialized address. Failing to check for address(0) when assigning values to address state variables can lead to unintended behavior or vulnerabilities, as address(0) is typically not a valid or desired address in most contexts.

contestToTotalRewards[address(pot)] = totalRewards;

Impact:

  1. Logic Errors: Assigning address(0) could lead to incorrect logic execution, as it might represent an uninitialized or invalid state.

  2. Security Risks: Functions that rely on valid address checks could be bypassed if address(0) is inadvertently used.

  3. Loss of Funds: Sending Ether or tokens to address(0) results in irretrievable loss, as it acts as a burn address.

Proof of Concept: Consider a function that sets an owner address without checking for address(0):

contract Example {
address public owner;
function setOwner(address newOwner) public {
owner = newOwner; // No check for address(0)
}
}

In this example, calling setOwner(address(0)) would set the owner to an invalid address, potentially disrupting contract functionality.

Recommended Mitigation:

  1. Add Checks: Implement checks to ensure that addresses being assigned are not address(0).

function setOwner(address newOwner) public {
require(newOwner != address(0), "Invalid address");
owner = newOwner;
}

  1. Use Modifiers

Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.